PIV Card and VPN FAQ
This FAQ is designed to provide information to the Frederick National Laboratory campus regarding the NIH mandate requiring PIV cards to be able to login to PCís or to utilize the 2-Factor VPN service on PC and Macintosh systems.

PIV Cards, PINs, and Certificates

Q: What is a PIV card? What is a PIN?
A: PIV card refers to the NIH smart card badge that was issued as part of a background investigation that verifies a personís identity and that they were eligible for Federal Employment. PIV stands for Personal Identity Verification and this FAQ will refer to these NIH badges as PIV cards. When you were issued your PIV card, you established a Personal Identification Number.

Q: Where can I renew my certificates? Replace a lost PIV card? What if I forget my PIN?
A: You can reset a forgotten PIN or renew your digital certificates at a Lifecycle Workstation (LWS).

FNLCR currently has three LWS locations in Frederick:

Ft. Detrick Campus:
Bldg 426 Rm 159: Contact x4500 to schedule an appointment
Bldg 362 Rm 40: Contact x1060 to schedule an appointment

ATRF Campus:
Wing E Rm 2212: Contact x1283 to schedule an appointment

Users can also use the Access Card Utility located on their desktop to update their certs if they are due to expire in the next 42 days, but not before this time period or after they have expired. For instructions on how to use this application, please go to: http://itsolutionscenter.cit.nih.gov/selfservice/viewContent.do?externalId=24609&sliceId=1

Q: Is my PIV certificate expired? How often do I need to renew my certificate?
A: Certificates are valid for 11-month periods for Contractors, while Government employees are 2-1/2 years. To check expiration dates of your PIV card certificates, you may open an Internet Explorer browser window and check through Tools, Internet Options, Content tab, Certificates.
NOTE: Certificate expiration is separate from the badge expiration date listed on your badge.

Q: Okay, Iíve logged in with my PIV card and PIN, do I still need to update my Windows Network Password?
A: Yes, users are still required to update their NIH Windows Network Password every 60 days. The recommended method for updating or changing your password is by using: https://iforgotmypassword.nih.gov

Q: What is stored on my PIV card?
A.The PIV Card displays your printed picture, your full name, agency, organization, card expiration date, card serial number, and a federal agency smart credential number that uniquely identifies your agency and you. The card also stores a personal identification number (PIN), a unique identifier, an authentication key, and two electronic fingerprints.

Q: What is 2-factor authentication?
A: Two-factor authentication is a method used to increase the security needed to access a given system. Rather than just a password, a card and password together are required to gain access. The access given by the PIV smart card is termed "2-Factor Authentication" because it includes:

  • Something known, like a PIN or a password, (a mental item) and
  • Something you have, like a smart card or an RSA or SecureID token (a physical object)
Q: What machines are affected by the current PIV card mandate and what is the timeline for implementation at NCI-Frederick?
A: Beginning January 29, 2013, all government owned PCís at the Frederick National Laboratory will be required to be logged into with a PIV card.

  • Scientific Equipment is not subject to this mandate.
  • While there is no current timetable for Macís to use PIV card readers to login, all new Macís purchased at the Frederick National Laboratory must include a PIV Card Reader on the purchase request.
  • For a list of recommended PIV Card Readers, please see our Frederick National Laboratory PIV Card Information & Ordering Page.
Q: What are the requirements for Macintosh systems that run OS 10.8 Mountain Lion?
A: Apple did not include support for SmartCards in Mountain Lion, so Macintoshes that require VPN need to also include Thursbyís PKard software as part of the Purchase Order: Thursby's PKard Software

  • Currently, NIH VPN and ITAS are the only application that requires the Thursby PKard software to support 2 factor authentication for Macintoshes, but if 2 factor authentication is needed to access other NIH resources or applications in the future, Mac users would need to purchase this software at that time.

PIV Readers

All new systems will be required to have a PIV card reader included in the order; however, most PC laptops can be configured with an integrated reader.

Q: What if I lose my PIV Card Reader or need an additional one for home use for 2-Factor VPN?
A: The Frederick HelpDesk has a limited number of readers, so if you lose the PIV card reader we issued you, we have a page that lists recommended PIV readers with ordering information included: http://css.ncifcrf.gov/information/piv/readers.asp. Typical cost for a reader is ~$25.00.

2-Factor VPN

Q: How do I get the 2-Factor VPN client? What else do I need?
A: The 2-Factor VPN client is now installed on all government-owned laptops. For users who utilize VPN from their home machine, the Frederick HelpDesk can provide you the 2-Factor VPN client software and installation instructions. You may bring your government issued PIV reader home when you need to use VPN, or you can purchase an additional reader for use on your home machine.

Additional Resources and Support

NIH ID Badge Website: http://idbadge.nih.gov

NIH Smart Card Website: http://smartcard.nih.gov

Frederick National Laboratory PIV Card Information & Ordering Page: http://css.ncifcrf.gov/information/piv/readers.asp

Connecting the VPN client

Installation instructions for PIV Card and VPN software

Pivcard.exe installation file

Individuals working at the Frederick National Laboratory who need Smartcard badging assistance, please contact:
Kim Kieffer (Contractor)
SAIC-Frederick / Frederick National Laboratory
Phone: 301-846-4629

All other questions and concerns can be addressed by contacting the Frederick HelpDesk at 301-846-5115 or fredhelpdesk@nih.gov.